LWP-Authen-OAuth2-0.13

NAME

VERSION

Version 0.02

SYNOPSIS

See LWP::Authen::OAuth2 for basic usage. The one general note is that scope is scope is optional in the specification, but required for Google. Beyond that Google supports many client types, and their behavior varies widely.

REGISTERING

Before you can use OAuth 2 with Google you need to register yourself as a client. For that, go to https://code.google.com/apis/console. Follow their directions to create a project, choose your flow (which is called your client_type in this document - look ahead for advice on available types), and then you'll be given a client_id and client_secret. If you're in the Login, WebServer or Client client types you'll also need to register a redirect_uri with them, which will need to be an https://... URL under your control.

At that point you have all of the facts that you need to use this module. Be sure to keep your client_secret secret - if someone else gets it and starts abusing it, Google reserves the right to block you.

This module only handles the authorization step, after which it is up to you to figure out how to use whatever API you want to access.

CLIENT TYPES

Google offers many client types. Here is the status of each one in this module:

however that is not necessary since it is also the assumed default if no client_type is specified.

After registering yourself as a client with Google, you will need to specify the redirect_uri as an https URL under your control. If you just need this for one or two accounts there is no need to actually build anything at that URL - just go through the authorization as those accounts and grab your code from the URL. If you will support many, making that URL useful is your responsibility.

With this client type you are not guaranteed a refresh token, so the constructor does not require client_id and client_secret. (Passing them there is still likely to be convenient for you.) However there are several optional arguments available to $oauth2->authorization_url(...) that are worth taking note of:

access_type

Pass access_type => "offline", to $oauth2-request_tokens(...)> to request offline access. This means that you get a refresh_token which can be used to refresh the access token without help from the user. The intent of this option is to support things like software that delays posting a blog entry until a particular time.

In light testing this did not work for me until I passed the next argument, but then it worked perfectly.

approval_prompt

Pass approval_prompt => "force", to $oauth2-request_tokens(...)> to force the user to see the approval screen. The default behavior without this is that the user sees the approval screen the first time through, and on subsequent times just gets an immediate redirect.

login_hint

If you think you know who the user is, you can pass an email in this parameter to let Google know which account you are trying to access. Google thinks this may be helpful if someone is logged into multiple accounts at the same time.

On the first time it is the client's responsibility to open a browser and send the user to $oauth2-authorization_url(...)>. If you pass in redirect_uri => "http://localhost:$port", then your application is expected to be listening on that port. If you instead pass in redirect_uri => "urn:ietf:wg:oauth:2.0:oob", then the code you need will be in the title inside of the page the browser is redirected to, and you'll need to grab it from there.

The returned tokens always give you a refresh token, so you only have to go through this once per user.

The only special authorization argument is login_hint, which means the same thing that it does for webserver applications.

ACKNOWLEDGEMENTS

Thanks to Rent.com for their generous support in letting me develop and release this module. My thanks also to Nick Wellnhofer <wellnhofer@aevum.de> for Net::Google::Analytics::OAuth2 which was very enlightening while I was trying to figure out the details of how to connect to Google with OAuth2.

LICENSE AND COPYRIGHT

Copyright 2013 Rent.com.

This program is free software; you can redistribute it and/or modify it under the terms of the the Artistic License (2.0). You may obtain a copy of the full license at:

Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license.

If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license.

This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder.

This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed.

Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Module Install Instructions

To install LWP::Authen::OAuth2::ServiceProvider::Google, simply copy and paste either of the commands in to your terminal